Many of you have been asking us about how we responded to the heartbleed bug which was found recently. We thought it would be a good idea to let everyone know what happened as far as our services were concerned instead of responding to you all on an individual basis.
Starter and Professional Web hosting customers may have seen a slight downtime on the Tuesday morning of the announcement while we patched out servers.
The following is a list of the branches which were and were not vulnerable to the bug.
Vulnerable:
- OpenSSL versions 1.0.1 to 1.0.1f (inclusive) are vulnerable
- Centos6
- Openssl-1.0.1e-15
- Openssl-1.0.1e-16.el6_5.4
Not Vulnerable
- Centos6
- Openssl-1.0.1e-16.el6_5.7
- OpenSSL
- 1.0.1g
- 1.0.0
- 0.9.8
If you are running a vulnerable OpenSSL version then we you should patch your servers as soon as possible and restart anything using the OpenSSL libraries.
Debian / Ubuntu: apt-get update; apt-get -y install openssl libssl1.0.0
Fedora / CentOS: yum -y update openssl
Please double check your services and your emails from us if you have a VPS solution.
SSL Certificate holders were all contacted with what to do.
